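/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__

#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsIXPCSecurityManager.h"
#include "nsCOMPtr.h"
#include "nsIChannelEventSink.h"
#include "nsIObserver.h"
#include "plstr.h"
#include "nsIScriptExternalNameSet.h"
#include "js/TypeDecls.h"

// NOTE(review): the include target was missing in this listing; <stdint.h> is
// restored because the declarations below use uint32_t. Confirm against the
// tree.
#include <stdint.h>

class nsIDocShell;
class nsCString;
class nsIClassInfo;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;
class ClassInfoData;

/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}

/**
 * Script security manager: implements nsIScriptSecurityManager,
 * nsIChannelEventSink and nsIObserver.
 *
 * The constructor is private; GetScriptSecurityManager() is the only call
 * that can create an instance.
 *
 * Several accessors below return a null principal to signal "no principal
 * found". Callers are expected to treat that as a failed check and error out,
 * never as an implicit grant.
 */
class nsScriptSecurityManager : public nsIScriptSecurityManager,
                                public nsIChannelEventSink,
                                public nsIObserver
{
public:
    // NOTE(review): presumably releases the static service pointers declared
    // at the bottom of this class -- confirm in the implementation file.
    static void Shutdown();

    NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

    NS_DECL_ISUPPORTS
    NS_DECL_NSISCRIPTSECURITYMANAGER
    NS_DECL_NSIXPCSECURITYMANAGER
    NS_DECL_NSICHANNELEVENTSINK
    NS_DECL_NSIOBSERVER

    // The only way to obtain (and, per the private constructor, to create)
    // the security manager.
    static nsScriptSecurityManager*
    GetScriptSecurityManager();

    // NOTE(review): ownership / refcount state of the returned pointer is not
    // visible from this declaration -- confirm before storing it.
    static nsSystemPrincipal*
    SystemPrincipalSingletonConstructor();

    JSContext* GetCurrentJSContext();

    JSContext* GetSafeJSContext();

    /**
     * Utility method for comparing two URIs.  For security purposes, two URIs
     * are equivalent if their schemes, hosts, and ports (if any) match.  This
     * method returns true if aSourceURI and aTargetURI have the same origin,
     * false otherwise.
     *
     * NOTE(review): how null arguments are handled is not visible from this
     * declaration -- confirm before passing a possibly-null URI.
     */
    static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);

    // NOTE(review): presumably hashes the same components that
    // SecurityCompareURIs() compares, so equal-origin URIs hash alike --
    // confirm in the implementation.
    static uint32_t SecurityHashURI(nsIURI* aURI);

    static nsresult
    ReportError(JSContext* cx, const nsAString& messageTag,
                nsIURI* aSource, nsIURI* aTarget);

    static uint32_t
    HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

    // Returns the current value of the static sStrictFileOriginPolicy flag.
    static bool
    GetStrictFileOriginPolicy()
    {
        return sStrictFileOriginPolicy;
    }

    /**
     * Returns true if the two principals share the same app attributes.
     *
     * App attributes are appId and the inBrowserElement flag.
     * Two principals have the same app attributes if those values are
     * equal.
     * This method helps keep principals from different apps isolated from
     * each other. It also helps make sure mozbrowser (web views) and their
     * parent are isolated from each other. All those entities do not share the
     * same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow
     * violating that principle.
     */
    static bool
    AppAttributesEqual(nsIPrincipal* aFirst,
                       nsIPrincipal* aSecond);

    void DeactivateDomainPolicy();

private:

    // GetScriptSecurityManager is the only call that can make one
    nsScriptSecurityManager();
    virtual ~nsScriptSecurityManager();

    bool SubjectIsPrivileged();

    // Decides, based on CSP, whether or not eval() and similar operations can
    // be executed.
    static bool
    ContentSecurityPolicyPermitsJSAction(JSContext *cx);

    static bool
    JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);

    // Returns null if a principal cannot be found; generally callers
    // should error out at that point (treat null as a failed check).
    static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);

    // Returns null if a principal cannot be found.  Note that rv can be NS_OK
    // when this happens -- this means that there was no JS running.  Callers
    // therefore have to check the returned pointer as well as *rv.
    nsIPrincipal*
    doGetSubjectPrincipal(nsresult* rv);

    // The principal is handed back through the |result| out-parameter.
    nsresult
    GetCodebasePrincipalInternal(nsIURI* aURI, uint32_t aAppId,
                                 bool aInMozBrowser,
                                 nsIPrincipal** result);

    // The principal is handed back through the |result| out-parameter.
    nsresult
    CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId, bool aInMozBrowser,
                            nsIPrincipal** result);

    // Returns null if a principal cannot be found.  Note that rv can be NS_OK
    // when this happens -- this means that there was no script for the
    // context.  Callers MUST pass in a non-null rv here.
    nsIPrincipal*
    GetSubjectPrincipal(JSContext* cx, nsresult* rv);

    nsresult
    Init();

    nsresult
    InitPrefs();

    // The two functions below are declared inline but no definition appears
    // in this header, so they are usable only from a translation unit that
    // provides one.
    inline void
    ScriptSecurityPrefChanged();

    inline void
    AddSitesToFileURIWhitelist(const nsCString& aSiteList);

    // NOTE(review): the template arguments of the three smart-pointer/array
    // members below were missing in this listing and have been restored as
    // nsIPrincipal, nsCOMPtr<nsIURI> and nsIDomainPolicy -- confirm against
    // the tree.
    nsCOMPtr<nsIPrincipal> mSystemPrincipal;
    bool mPrefInitialized;
    bool mIsJavaScriptEnabled;
    // NOTE(review): presumably filled by AddSitesToFileURIWhitelist(); the
    // entries widen what file: URI access is allowed, so the source of
    // aSiteList should be trusted configuration -- confirm.
    nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;

    // This machinery controls new-style domain policies. The old-style
    // policy machinery will be removed soon.
    nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

    static bool sStrictFileOriginPolicy;

    // Raw static pointers: ownership and lifetime are not expressed by the
    // types. NOTE(review): check that Shutdown() clears them and that nothing
    // dereferences them afterwards.
    static nsIIOService *sIOService;
    static nsIStringBundle *sStrBundle;
    static JSRuntime *sRuntime;
};

#define NS_SECURITYNAMESET_CID \
 { 0x7c02eadc, 0x76, 0x4d03, \
 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
#define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"

/**
 * nsIScriptExternalNameSet implementation registered under
 * NS_SECURITYNAMESET_CONTRACTID.
 */
class nsSecurityNameSet : public nsIScriptExternalNameSet
{
public:
    nsSecurityNameSet();
    virtual ~nsSecurityNameSet();

    NS_DECL_ISUPPORTS

    NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
};

namespace mozilla {

// Writes its result into |aJarPrefix|.
// NOTE(review): presumably the prefix is derived from the app id and the
// in-browser flag, matching the attributes AppAttributesEqual() compares --
// confirm in the implementation.
void
GetJarPrefix(uint32_t aAppid,
             bool aInMozBrowser,
             nsACString& aJarPrefix);

} // namespace mozilla

#endif // nsScriptSecurityManager_h__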